I have recently been studying a lot on writing secure code and choosing secure methods for saving passwords to a database. I'm wondering if it's secure to use ready-made libraries or APIs to do this ...

The way I see it: there are two ways to encrypt data for a web app.
1) Store a single encryption key on the server, and use it to encrypt / decrypt data at runtime. The obvious issue here is that if ...

Websites keep getting hacked every day, and every now and then we hear website owners react and tell "affected users that their password might have been compromised". Most sites that disclose such leaks ...

I am looking at having our servers' SQL databases for a few programs and documents to be always encrypted on the HDD, but available to AD users. So one or multiple users with the right AD privileges ...

We have just planned to implement the same in our organization, and I believe this will encrypt files and data on disk. I have two questions:
Does it provide column level encryption in database (if ...

Let's say I have a straightforward, completely database-driven web site application and I store my database on my web server in the DMZ. I won't be broadcasting the IP address of my database because I ...

The situation is the following:
I have identified an SQL injection attack vector, and have the following information about the target table:
It has six columns. (Identified using "order by").
I can see output of 3 of ...

EDIT: This is for the UK/Europe region.
I've been scratching my head reading other posts similar to this one about safely storing bank routing and account numbers. I know that routing numbers can be ...

I am doing a project with an architecture of a single server and multiple databases.
Every client request will contain a header containing the database name that this request should connect to. Is this a good ...

Obviously SQL Injection via the payload of a message is a very common practice and therefore it is always key to cover this (I already have in my code). However I'm just wondering about how possible ...

Table 1 has PHI and it's encrypted. Table 2 doesn't have PHI, isn't encrypted and has a foreign key to Table 1.
I'd like to recommend the strongest security. If there's a requirement in HIPAA, it's ...

I need to somewhere store my DB password on my production environment to access the DB. At the moment the prod system is deployed in the cloud, so is the DB.
The password, the username and some other ...

I was thinking recently of the steps to secure a database server. Most of us are aware how to handle the security on the application side, although a malicious user might find his way to bypass the ...

Would it be a good idea security-wise to store salts with their last character removed, and then bruteforce the last character to further the amount of time it would take to create rainbow tables and ...

Is it okay to store single-use beta keys in plain-text in the database? I'll be pre-generating and storing about 2M keys. The keys get passed around so that people can sign up with it, rather than let ...

In the traditional form, a password database is similar to any other database file, except the contents are encrypted using a key derived from a passphrase entered by the user. The user enters their ...

I have a general encryption question. I have read through many of the encryption related questions here and I can't find any specifically addressing my concern.
This is the hypothetical scenario:
I ...

I want to encrypt serialised customer details and store in a database to protect against attacks where the attacker has access to the raw database records. The records then need to be accessible by ...

I am wondering what other people do for storing passwords. Our current model at my employer is fundamentally flawed in my opinion, so I am trying to see what other people do so I can select the best ...

Sorry for this probably noobish question. So far, I've read password comparison/verification is implicitly understood to be made on the application layer and not in the database. For example in PHP, ...

If I'm building an application that connects to a remote database, where should I hide the credentials?
I've seen many suggest that you go through a web-application and use POST and GET requests to ...

Currently we are creating one small service, where we are using some sensitive data from users (not worth zillions but to me it is like password). The idea is that application itself only inserts this ...